Malware, Vulnerability Management

Multiple payloads deployed via c-ares DLL side-loading exploit

Attackers have been leveraging a DLL side-loading flaw in a binary linked with the open-source c-ares library to deploy various illicit payloads, including Agent Tesla, XWorm, DCRat, Remcos RAT, Vidar Stealer, Lumma Stealer, Formbook, and CryptBot, as part of an ongoing malware campaign, The Hacker News reports.

Employees in the oil and gas and import/export sectors have been the primary targets of the intrusions, in which the malicious DLL was placed in the same directory as the legitimate binary so that it is loaded and executed in place of the expected library, according to Trellix researchers.

"This malware campaign highlights the growing threat of DLL sideloading attacks that exploit trusted, signed utilities like GitKraken's ahost.exe to bypass security defenses. By leveraging legitimate software and abusing its DLL loading process, threat actors can stealthily deploy powerful malware such as XWorm and DCRat, enabling persistent remote access and data theft," said Trellix.

Such findings follow a Trellix report detailing the growing prevalence of Facebook credential phishing scams harnessing the Browser-in-the-Browser attack technique.
